From a051fc4e6fac99c7d43a051d7b7956ebbd2546cc Mon Sep 17 00:00:00 2001 From: Christian <43847817+codiflow@users.noreply.github.com> Date: Mon, 23 Nov 2020 12:12:35 +0100 Subject: [PATCH] Create nginx_setup.md (#138) --- docs/nginx_setup.md | 53 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 docs/nginx_setup.md diff --git a/docs/nginx_setup.md b/docs/nginx_setup.md new file mode 100644 index 0000000..5ce36e2 --- /dev/null +++ b/docs/nginx_setup.md @@ -0,0 +1,53 @@ +# Nginx as reverse proxy + +Below theres an example of how the site configuration for nginx as a reverse proxy can look like: + +``` +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + listen 80; + listen [::]:80; + + servername spacedeck.domain.de + + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + ssl on; + + server_name spacedeck.domain.de; + + ssl_certificate /etc/ssl/spacedeck.domain.de.cer; + ssl_certificate_key /etc/ssl/spacedeck.domain.de.key; + + include ssl_params; + + charset utf-8; + client_max_body_size 50m; + + add_header Content-Security-Policy "default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'"; + add_header X-XSS-Protection "1; mode=block;"; + add_header Referrer-Policy "no-referrer"; + + location / { + proxy_pass http://127.0.0.1:9666; + proxy_set_header X-Forwarded-For $remote_addr; + } + + location /socket { + proxy_pass http://127.0.0.1:9666; + proxy_set_header Connection 'upgrade'; + proxy_set_header Upgrade $http_upgrade; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } +} +```